Commit e1ce11da authored by Dries's avatar Dries

- Patch #732486 by Damien Tournoud, JacobSingh: drupal_add_http_header() req...

- Patch #732486 by Damien Tournoud, JacobSingh: drupal_add_http_header()  req ; make Status a normal header and drupal_add_http() header shouldn't return a list of headers.
parent 140cacba
......@@ -39,7 +39,7 @@
* Render a 403 access denied page for authorize.php
*/
function authorize_access_denied_page() {
drupal_add_http_header('403 Forbidden');
drupal_add_http_header('Status', '403 Forbidden');
watchdog('access denied', 'authorize.php', NULL, WATCHDOG_WARNING);
drupal_set_title('Access denied');
return t('You are not allowed to access this page.');
......
......@@ -906,32 +906,22 @@ function drupal_load($type, $name) {
* too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
*
* @param $name
* The HTTP header name, or a status code followed by a reason phrase, e.g.
* "404 Not Found".
* The HTTP header name, or the special 'Status' header name.
* @param $value
* The HTTP header value; if omitted, the specified header is unset.
* The HTTP header value; if equal to FALSE, the specified header is unset.
* If $name is 'Status', this is expected to be a status code followed by a
* reason phrase, e.g. "404 Not Found".
* @param $append
* Whether to append the value to an existing header or to replace it.
*/
function drupal_add_http_header($name = NULL, $value = NULL, $append = FALSE) {
function drupal_add_http_header($name, $value, $append = FALSE) {
// The headers as name/value pairs.
$headers = &drupal_static(__FUNCTION__, array());
$headers = &drupal_static('drupal_http_headers', array());
if (!isset($name)) {
return $headers;
}
// Save status codes using the special key ":status".
if (preg_match('/^\d{3} /', $name)) {
$value = $name;
$name = $name_lower = ':status';
}
else {
$name_lower = strtolower($name);
}
$name_lower = strtolower($name);
_drupal_set_preferred_header_name($name);
if (!isset($value)) {
if ($value === FALSE) {
$headers[$name_lower] = FALSE;
}
elseif (isset($headers[$name_lower]) && $append) {
......@@ -956,7 +946,7 @@ function drupal_add_http_header($name = NULL, $value = NULL, $append = FALSE) {
* or NULL if the header has not been set.
*/
function drupal_get_http_header($name = NULL) {
$headers = drupal_add_http_header();
$headers = &drupal_static('drupal_http_headers', array());
if (isset($name)) {
$name = strtolower($name);
return isset($headers[$name]) ? $headers[$name] : NULL;
......@@ -1006,7 +996,7 @@ function drupal_send_headers($default_headers = array(), $only_default = FALSE)
}
}
foreach ($headers as $name_lower => $value) {
if ($name_lower == ':status') {
if ($name_lower == 'status') {
header($_SERVER['SERVER_PROTOCOL'] . ' ' . $value);
}
// Skip headers that have been unset.
......
......@@ -2339,7 +2339,7 @@ function drupal_deliver_html_page($page_callback_result) {
switch ($page_callback_result) {
case MENU_NOT_FOUND:
// Print a 404 page.
drupal_add_http_header('404 Not Found');
drupal_add_http_header('Status', '404 Not Found');
watchdog('page not found', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
......@@ -2369,7 +2369,7 @@ function drupal_deliver_html_page($page_callback_result) {
case MENU_ACCESS_DENIED:
// Print a 403 page.
drupal_add_http_header('403 Forbidden');
drupal_add_http_header('Status', '403 Forbidden');
watchdog('access denied', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
// Keep old path for reference, and to allow forms to redirect to it.
......@@ -2397,7 +2397,7 @@ function drupal_deliver_html_page($page_callback_result) {
case MENU_SITE_OFFLINE:
// Print a 503 page.
drupal_maintenance_theme();
drupal_add_http_header('503 Service unavailable');
drupal_add_http_header('Status', '503 Service unavailable');
drupal_set_title(t('Site under maintenance'));
print theme('maintenance_page', array('content' => filter_xss_admin(variable_get('maintenance_mode_message',
t('@site is currently under maintenance. We should be back shortly. Thank you for your patience.', array('@site' => variable_get('site_name', 'Drupal')))))));
......
......@@ -2722,7 +2722,7 @@ function _db_error_page($error = '') {
global $db_type;
drupal_language_initialize();
drupal_maintenance_theme();
drupal_add_http_header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service Unavailable');
drupal_add_http_header('Status', '503 Service Unavailable');
drupal_set_title('Site offline');
}
......
......@@ -172,7 +172,7 @@ function _drupal_log_error($error, $fatal = FALSE) {
}
if ($fatal) {
drupal_add_http_header('500 Service unavailable (with message)');
drupal_add_http_header('Status', '500 Service unavailable (with message)');
}
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
......
......@@ -40,7 +40,7 @@ function aggregator_test_feed($use_last_modified = FALSE, $use_etag = FALSE) {
}
// Return 304 not modified if either last modified or etag match.
if ($last_modified == $if_modified_since || $etag == $if_none_match) {
drupal_add_http_header('304 Not Modified');
drupal_add_http_header('Status', '304 Not Modified');
return;
}
......
......@@ -609,7 +609,7 @@ function image_style_generate() {
if (!$lock_acquired) {
// Tell client to retry again in 3 seconds. Currently no browsers are known
// to support Retry-After.
drupal_add_http_header('503 Service Unavailable');
drupal_add_http_header('Status', '503 Service Unavailable');
drupal_add_http_header('Retry-After', 3);
print t('Image generation in progress. Try again shortly.');
drupal_exit();
......@@ -630,7 +630,7 @@ function image_style_generate() {
}
else {
watchdog('image', 'Unable to generate the derived image located at %path.', array('%path' => $destination));
drupal_add_http_header('500 Internal Server Error');
drupal_add_http_header('Status', '500 Internal Server Error');
print t('Error generating image.');
drupal_exit();
}
......
......@@ -237,7 +237,7 @@ function update_info_page() {
}
function update_access_denied_page() {
drupal_add_http_header('403 Forbidden');
drupal_add_http_header('Status', '403 Forbidden');
watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING);
drupal_set_title('Access denied');
return '<p>Access denied. You are not authorized to access this page. Log in using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation). If you cannot log in, you will have to edit <code>settings.php</code> to bypass this access check. To do this:</p>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment